Last updated and effective as of January 23, 2020.
This Privacy Notice explains the practices that Actuate Therapeutics, Inc. (“Actuate”, “we”, “us”, “our”) follows in connection with the personal data that we collect through this website, when you contact us directly and through our research.
We may change this Privacy Notice at any time by posting the revised Privacy Notice on this site and indicating the effective date of the revised Privacy Notice. You will be notified of any material changes to this Privacy Notice by email, if you have provided that information to us. We will not materially change the rights you may exercise under this Privacy Notice without your explicit consent.
WHAT IS PERSONAL DATA?
In the context of the work that Actuate performs, personal data refers to any information that relates to an identified or identifiable individual such as a name, email, mailing address, phone number, or any information related to an individual’s health for the purpose of healthcare research.
PERSONAL DATA COLLECTION
We collect personal data provided directly by you during direct communication with any of our representatives either through email or by phone. We collect your name, email address, phone number and the reason for your communication.
For the purpose of our research, we do not collect your personal data directly. Your personal data is collected through the partners (“Site”) that manage the clinical trials that we sponsor. They collect your personal data as a participant of the clinical trial or as a Site employee or contractor involved in the clinical trial.
We do not collect your personal data directly from our website. Our website is purely informational and directs you to contact us through email if you wish to do so.
PERSONAL DATA PROCESSING
For the purpose of communicating with you when you call or send us an email, we collect your contact information including name, email address and in some cases phone number in order to reply to your inquiry.
The patient data that we obtain and use from the Site is pseudonymized and managed through an identifier that we cannot link back to you. Only the Site that collected your personal data can link it with the identifier they provide to us. The data we obtain from Sites and process, with your consent, includes:
- An identifier to track future data against;
- Data concerning your health and how you are responding within the clinical trial;
- Genetic and biometric data.
The employee or contractor data that we obtain from the Site is used to conduct a background check, verify the individual’s qualifications, satisfy documentation requirements for their employment or work performed on the clinical trial, and for other administrative purposes relating to their work performed in connection with the clinical trial. The personal data we require the Site to share with us regarding prospective employees, contractors or job candidates that perform work on our clinical trials include:
- Curriculum Vitae;
- Training records;
- Financial disclosures;
- Any correspondence between the Site and the employee or contractor related to their interest in performing work or being employed in connection with the clinical trial.
PURPOSE OF PERSONAL DATA PROCESSING
Actuate will process your personal data for the following purposes:
- To communicate with you if you request information from us;
- To review the outcomes of the clinical trial;
- To review the qualifications of the Site employees and contractors assigned to perform work on the clinical trial.
LEGAL BASIS FOR PROCESSING
In order to comply with different privacy and data protection regulations around the world and specifically to comply with the General Data Protection Regulation (“GDPR”) in the EU, we require to provide a legal basis for the processing of your personal data.
Actuate will not process (i.e. which includes to disclose, share, or otherwise disseminate) your personal data unless we have a legal justification to do so. Actuate will only process your personal data if:
- We or the Sites we partner with, have obtained your explicit consent prior to the processing of your personal data;
- If we need your personal data to perform a contractual obligation to which you are a party or where you have requested us to complete a contractual request;
- If we need to process your personal data to fulfill our legal and regulatory obligations;
- If we have a legitimate interest that will not put your fundamental rights and freedoms at risk. Such legitimate interests include monitoring activity on our website to improve the functionality of such website, identification and investigation of fraud or other impermissible use activity on our website, and participation in judicial proceedings to defend or pursue a legal claim or to prosecute illegal acts.
PERSONAL DATA DISCLOSURE
Actuate will only disclose your personal data without your consent to the following parties under specific circumstances:
- To Actuate personnel, if required, to fulfill your request;
- To service providers that support our systems or support the activities of the clinical trial, including the Sites that hold personal data about patients and employees or contractors;
- To law enforcement, regulatory bodies or courts, when we are required to do so under applicable laws and regulations;
- In connection with the sale or reorganization of all or part of our business, as permitted by applicable law.
PERSONAL DATA SECURITY
Actuate is committed to protecting the personal data we collect, process and disclose about you. We maintain appropriate safeguards and take reasonable steps to protect your personal data, ensure that we limit its use and that we disclose it only to the parties that have a legitimate reason to have access to it.
We ensure that all the parties that we disclose your personal data to, internal and external to Actuate, have contractual obligations to protect the security and the confidentiality of your personal data.
PERSONAL DATA TRANSFERS
Your personal data will be transferred to systems that reside in the US. The data will be protected and pseudonymized in some cases to ensure that the risks to your privacy are minimized.
We have implemented Standard Contractual Clauses with the parties that reside in the EU and that will transfer personal data to Actuate in the US.
Actuate complies with the requirements of the EU-US Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework. For more information regarding our adherence to these frameworks, refer to the EU-US – Swiss-US Privacy Shield section.
PERSONAL DATA RETENTION
Actuate will not retain your contact information after your request has been fulfilled.
Actuate and the Sites that we partner with for the purpose of clinical trials will retain your personal data for as long as necessary for the purpose of research, in the case of the clinical trial for 25 years, and to comply with legal and regulatory obligations.
RIGHTS YOU CAN EXERCISE ABOUT YOUR PERSONAL DATA
Subject to any exceptions provided by law, you have the right to request access to, update or deletion of your personal data.
You also have the right to request restriction of or object to the processing of your personal data. And you have the right to request to have your data transferred to another organization in a commonly used format.
On each particular case we will inform you of the consequences of your request and if there are any exemptions to honouring your requests based on legal or contractual requirements.
During a clinical trial your rights to access, update or delete your pseudonymized personal data may be limited as permitted by law. Specifically, we need to process your data in specific ways in order to maintain the reliability and accuracy of the research for reasons of public interest in public health and for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes.
HOW TO EXERCISE YOUR PERSONAL DATA RIGHTS
To submit any request to exercise your rights concerning your Personal Data you may contact us via email at email@example.com.
Pursuant to Article 27 of the General Data Protection Regulation (GDPR), Actuate has appointed European Data Protection Office (EDPO) as its GDPR representative in the EU. You can contact EDPO regarding matters pertaining to the GDPR by:
- Sending an email to firstname.lastname@example.org
- Using EDPO’s online request form at https://www.edpo.brussels/contact
- Writing to EDPO at Regus Paris- Champs Elysées, 12/14 rond-point des Champs Elysées, Paris, 75008, France.
EU INDIVIDUALS – RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY
If you reside in the EU and want to lodge a complaint with a Supervisory Authority (Data Protection Authority) you may do so in the Member State where you reside, where you work or where you may have experienced an issue with the processing of your personal data.
If you have any further questions regarding the personal data that Actuate or any of our partners collect and process or if you have feedback regarding this Privacy Notice, you may contact us at email@example.com.
EU-US – Swiss-US. Privacy Shield
Actuate complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union member countries, the United Kingdom, and Switzerland to the United States. Actuate has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this Privacy Notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit www.privacyshield.gov/list.
With respect to personal data received or transferred pursuant to the EU-US Privacy Shield Framework, Actuate is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.
Pursuant to the Privacy Shield Frameworks, EU, UK, and Swiss individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under Privacy Shield, should direct their query to firstname.lastname@example.org. If requested to remove data, we will respond within a reasonable timeframe.
We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to email@example.com.
In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Actuate’s accountability for personal data that it receives in the United States under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, Actuate remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process personal data on its behalf do so in a manner inconsistent with the Principles, unless Actuate proves that it is not responsible for the event giving rise to the damage.
EU-US – Swiss-U.S. Privacy Shield Complaint Resolution Mechanism
In compliance with the Privacy Shield Principles, Actuate commits to resolving complaints about your privacy and our collection or use of EU, UK, or Swiss personal data transferred to the United States pursuant to EU-US Privacy Shield. European Union, UK, and Swiss individuals with EU-US Privacy Shield inquiries or complaints should first contact Actuate by email at firstname.lastname@example.org.
Actuate has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint. This service is provided free of charge to you.
If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction